Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-23599

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound eMarksheet allows Reflected XSS. This issue affects eMarksheet: from n/a through 5.0.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-23594

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uzzal mondal Google Map With Fancybox allows Reflected XSS. This issue affects Google Map With Fancybox: from n/a through 2.1.0.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-23593

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound EmailPress allows Reflected XSS. This issue affects EmailPress: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-23591

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blu Logistics Pte. Ltd. blu Logistics allows Reflected XSS. This issue affects blu Logistics: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-23590

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Burtay Arat Dezdy allows Reflected XSS. This issue affects Dezdy: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-23588

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WOW WordPress WOW Best CSS Compiler allows Reflected XSS. This issue affects WOW Best CSS Compiler: from n/a through 2.0.2.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-23582

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Haider Ali Bulk Categories Assign allows Reflected XSS. This issue affects Bulk Categories Assign: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-23581

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Zoom Studio Demo User DZS allows Stored XSS. This issue affects Demo User DZS: from n/a through 1.1.0.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-23561

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound MLL Audio Player MP3 Ajax allows Stored XSS. This issue affects MLL Audio Player MP3 Ajax: from n/a through 0.7.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-23527

    Missing Authorization vulnerability in Hemnath Mouli WC Wallet allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WC Wallet: from n/a through 2.2.0.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-23491

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vikashsrivastava1111989 VSTEMPLATE Creator allows Reflected XSS. This issue affects VSTEMPLATE Creator: from n/a through 2.0.2.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22775

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in idIA Tech Catalog Importer, Scraper & Crawler allows Reflected XSS.This issue affects Catalog Importer, Scraper & Crawler: from n/a through 5.1.3.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-22704

    Cross-Site Request Forgery (CSRF) vulnerability in Abinav Thakuri WordPress Signature allows Cross Site Request Forgery. This issue affects WordPress Signature: from n/a through 0.1.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-22703

    Cross-Site Request Forgery (CSRF) vulnerability in manuelvicedo Forge – Front-End Page Builder allows Stored XSS. This issue affects Forge – Front-End Page Builder: from n/a through 1.4.6.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-22701

    Server-Side Request Forgery (SSRF) vulnerability in NotFound Traveler Layout Essential For Elementor. This issue affects Traveler Layout Essential For Elementor: from n/a through 1.0.8.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-22695

    Authorization Bypass Through User-Controlled Key vulnerability in NirWp Team Nirweb support. This issue affects Nirweb support: from n/a through 3.0.3.... Read more

    Affected Products : nirweb_support
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-22694

    Missing Authorization vulnerability in theDotstore Hide Shipping Method For WooCommerce. This issue affects Hide Shipping Method For WooCommerce: from n/a through 1.5.0.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Authorization

  • 7.6

    HIGH
    CVE-2025-22693

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contest Gallery Contest Gallery allows SQL Injection. This issue affects Contest Gallery: from n/a through 25.1.0.... Read more

    Affected Products : contest_gallery
    • Published: Feb. 03, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Injection

  • 7.6

    HIGH
    CVE-2025-22691

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel allows SQL Injection. This issue affects WP Travel: from n/a through 10.1.0.... Read more

    Affected Products : wp_travel
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-22690

    Cross-Site Request Forgery (CSRF) vulnerability in DigiTimber DigiTimber cPanel Integration allows Stored XSS. This issue affects DigiTimber cPanel Integration: from n/a through 1.4.6.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 291368 Results